Advancing Consumer Trust and Privacy: Internet Explorer in Windows 8

Today, Microsoft announced Windows 8 has reached Release Preview and Internet Explorer 10 in Windows 8 will have “Do Not Track” (DNT) on by default. This post includes additional thoughts about this important milestone in our effort to advance trust and consumer privacy online. Internet Explorer 10 on Windows 8 will be the first browser to have DNT on by default. Consumers can change this setting, but the default will be to send the DNT signal to websites that consumers visit.

Consumer Choice and Control

The idea of a DNT signal was in part born out of the work of the U.S. Federal Trade Commission which, in a December 2010 report, called on the technology and advertising industries to create a more uniform and comprehensive consumer choice mechanism for online behavioral advertising targeting. Very soon after that announcement, we included the opportunity for consumers to turn on the DNT signal, by adding DNT to IE9 in February 2011.

Our efforts to advance privacy, choice and control in Windows 8 build on the work we have done with Windows and IE in recent years. IE9 includes important privacy features, including Tracking Protection Lists (TPLs), which provide consumers with a powerful tool to manage their privacy and are only available in IE. While today’s announcement focuses on DNT, we remain committed to TPLs in IE10 in Windows.

We’ve made today’s decision because we believe in putting people first. We believe that consumers should have more control over how information about their online behavior is tracked, shared and used. Online advertising is an important part of the economy supporting publishers and content owners and helping businesses of all shapes and sizes to go to market. There is also value for consumers in personalized experiences and receiving advertising that is relevant to them.

Of course, we hope that many consumers will see this value and make a conscious choice to share information in order to receive more personalized ad content. For us, that is the key distinction. Consumers should be empowered to make an informed choice and, for these reasons, we believe that for IE10 in Windows 8, a privacy-by-default state for online behavioral advertising is the right approach.

Defining DNT for Websites

Sending a DNT signal from a browser is only part of the process. Obviously, for DNT to be effective, it is also important that websites have a common understanding of what the consumer expects when their browser sends the DNT signal. As well as engineering the world’s most used browser, Microsoft also owns and manages a growing advertising business – including a network that provides advertising to our own and other Web properties, so we have a unique perspective into this discussion.

At the moment there is not yet an agreed definition of how to respond to a DNT signal, and we know that a uniform, industry-wide response will be the best way to provide a consistent consumer experience across the Web. We also know from experiences – such as the P3P standard recommended by the World Wide Web Consortium (W3C) – that initiatives to advance privacy are much less effective if other industry leaders don’t join in adopting the approach.

With this in mind, we are doing two things. First, we are committed to using our positions on the relevant industry, government and standards bodies to push for a clear action for advertising networks to respect a browser DNT signal and opt users out of behavioral advertising. Second, as we announced in February, Microsoft Advertising intends to treat the do-not-track browser signal as an opt-out of behavioral advertising under the Digital Advertising Alliance’s self-regulatory program. Microsoft does not yet respond to the DNT signal, but we are actively working with other advertising industry leaders on what an implementation plan for DNT might look like, with a goal of announcing more details about our plans in the coming months.

Our decision to turn on DNT by default in IE10 for Windows 8 should be seen as part of this discussion, as it helps to provide clarity on one side of the discussion – when and how browsers send the DNT signal – and because it advances the idea of privacy as the default state.

An Important Step to Build Trust Online

In a world where consumers live a large part of their lives online, it is critical that we build trust that their personal information will be treated with respect, and that they will be given a choice to have their information used for unexpected purposes. While there is still work to do in agreeing on an industry-wide definition of DNT, we believe turning on Do Not Track by default in IE10 on Windows 8 is an important step in this process of establishing privacy by default, putting consumers in control and building trust online.

About the Author

Chief Privacy Officer, Microsoft

Brendon Lynch is the Chief Privacy Officer at Microsoft, where he has responsibilities for all aspects of Microsoft’s privacy approach, including privacy policy creation and implementation across the company, influencing the creation of privacy and data protection technologies for customers and overseeing communication and engagement with all external audiences.
Before joining Microsoft, Brendon led the privacy and risk solutions business at software maker Watchfire. Prior to entering the software industry in 2002, Brendon spent nine years in Europe and North America with PricewaterhouseCoopers, where he provided privacy and risk management consulting services.